U.S. COMMODITY FUTURES TRADING COMMISSION
Three Lafayette Centre
1155 21st Street, NW, Washington, DC 20581
Telephone: (202) 418-5000
Facsimile: (202) 418-5521
www.cftc.gov

Office of the Inspector General

MEMORANDUM

TO:       Timothy G. Massad, Chairman
FROM:     A. Roy Lavik, Inspector General
DATE:     October 01, 2014
SUBJECT:  CFTC-OIG Performance Audit - Management's Use of Information Technology Resources in Support of its Strategic Plan and Regulatory Responsibilities

Attached is the Commodity Futures Trading Commission's Office of the Inspector General's (OIG) audit report on Management's Use of IT Resources in Support of its Strategic Plan and Regulatory Responsibilities.

My office contracted with an Independent Public Accounting (IPA) firm to conduct this performance audit. We monitored the IPA's work and concur with the results of this audit.

Should you have any questions regarding this report, please do not hesitate to contact me. I appreciate the courtesy and cooperation that the staff in the Office of Data and Technology extended to my staff and contractors during this audit.


CliftonLarsonAllen

U.S. COMMODITY FUTURES TRADING COMMISSION

Report on Management's Use of Information Technology Resources in Support of its Strategic Plan and Regulatory Responsibilities


TABLE OF CONTENTS

INTRODUCTION
BACKGROUND
SUMMARY OF RESULTS
SCOPE AND METHODOLOGY
MANAGEMENT'S RESPONSE


ABBREVIATIONS

CFTC    U.S. Commodity Futures Trading Commission
CLA     CliftonLarsonAllen LLP
CEA     Commodity Exchange Act
DFA     Dodd-Frank Wall Street Reform and Consumer Protection Act
FY      Fiscal Year
OIG     Office of the Inspector General
ODT     Office of Data and Technology
IT      Information Technology


INTRODUCTION

The U.S. Commodity Futures Trading Commission (CFTC) was created by the Congress in 1974 as an independent agency with a mandate to regulate commodity futures and option markets in the United States. Its mission is to protect market participants and the public from fraud, manipulation, abusive practices, and systemic risk related to derivatives - both futures and swaps - and to foster transparent, open, competitive, and financially sound markets. In carrying out its mission and to promote market integrity, CFTC polices the derivatives markets for various abuses and works to ensure the protection of customer funds. The agency also seeks to lower the risk of the futures and swaps markets to the economy and the public. CFTC's fiscal years (FYs) 2011, 2012, and 2013 total budgetary resources from its audited financial statements approximated $230 million, $325 million, and $308 million, respectively.

CliftonLarsonAllen LLP (CLA) was engaged by CFTC's Office of the Inspector General (OIG) to conduct an audit of CFTC management's use of information technology (IT) resources in support of its strategic plan and regulatory responsibilities under the Commodity Exchange Act (CEA) and Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA). The objective of this audit was to determine the highest IT priorities documented in CFTC's draft IT acquisition plan and spend plans for FYs 2011 through 2013. In addition, we reviewed the various categories the agency targeted for spending (i.e. IT advisory and assistance services, including new software development for market surveillance, IT supplies and materials, IT equipment operations and maintenance, etc.); evaluated the consistency of the prioritized IT activities with CFTC's strategic plan; and determined whether the deliverables associated with these IT projects were on schedule to meet contract objectives for FY 2011 through 2013. Our audit is limited to the spending prioritization specified in CFTC's draft acquisition plan on IT for the FYs 2011 through 2013.


BACKGROUND

CFTC's Office of Data and Technology (ODT) has primary responsibility for establishing and executing technology and data management support for CFTC's market and financial oversight, surveillance, enforcement, legal, and public transparency activities. ODT also provides general network, communication, storage, computing, and information technology management infrastructure and services.


SUMMARY OF RESULTS

Our audit found that CFTC management's use of funds targeted for the highest priority was generally consistent with its draft IT strategic plan and spend plans as updated for FY 2011 through 2013. Our analysis of a representative sample of contracts showed that CFTC management monitored the performance of their contractors in accordance with those contracts' milestone deliverables in support of CFTC's strategic goals. In addition, we observed that the ODT spent over 63% of its IT budget on IT advisory and assistance services each year from FY 2011 through 2013. On a sample basis, we reviewed the largest contracts covering approximately 57%, 60% and 49% of the total IT spending for FY 2011, FY 2012, and FY 2013, respectively, and their related task orders included in the aforementioned category. We found the following:

FY 11
Staff augmentation and hardware enhancements as well as software licenses represented approximately 27% of the contracts reviewed. The remaining 73% represented software modernization and surveillance enhancements.

FY 12
Staff augmentation and hardware enhancements as well as software licenses represented approximately 42% of the contracts reviewed. The remaining 58% represented software modernization and surveillance enhancements.

FY 13
Staff augmentation and hardware enhancements as well as software licenses represented approximately 50% of the contracts reviewed. The remaining 50% represented software modernization and surveillance enhancements.

The dollar and percentage breakout of CFTC's IT spending between the two largest IT categories (staff augmentation, hardware enhancements and software licenses; and software modernization and surveillance enhancements) is shown in Table 1.

Table 1: CFTC IT Spending, Fiscal Years (FYs) 2011, 2012 and 2013 (unaudited)

                                                                   FY 2011      Percentage   FY 2012      Percentage   FY 2013      Percentage
                                                                   Amount       of Total     Amount       of Total     Amount       of Total
                                                                                Spending                  Spending                  Spending
Staff augmentation, hardware enhancements, and software licenses    5,891,775   27%          11,447,971   42%          10,408,392   50%
Software modernization and surveillance enhancements               15,848,809   73%          15,748,465   58%          10,368,493   50%
Total Spending Analyzed                                            21,740,584   100%         27,196,436   100%         20,776,885   100%
Total Obligations for ODT                                          37,853,408                45,404,675                42,010,035
% evaluated                                                        57%                       60%                       49%

Source: CFTC Office of Data & Technology Actual Obligations - FY 2011, 2012 and FY 2013 Information Technology Budget, unaudited data.


Other Observation (unaudited)

Table 2: CFTC information technology resources appropriated and obligated by fiscal year (unaudited)

                                     FY 11            FY 12          FY 13
Appropriations*                      202,675,000      205,294,000    205,294,000
Appropriation for IT investments     37,200,000***    55,000,000     55,000,000

Obligated:
   Operations                        37,853,408       45,404,675     42,010,035
   Other**                           253,016          322,784        100,504
Total Obligations                    38,106,424       45,727,459     42,110,539

* Amounts are specific to the original public law and do not include rescissions, adjustments, etc.
** This category includes staff training, incentive awards, travel, etc.
*** Public law states "that not less than $37.2 million shall be for the highest priority information technologies of the Commission." The aforementioned amount represents the lowest amount available to obligate. However, CFTC had the authority to obligate additional funding for IT efforts.

Source: CFTC ODT Actual Obligations and Expenditures detail by fiscal year, unaudited data. Also, the amounts reported as appropriated are pursuant to CFTC's appropriations for each fiscal year.

The total full-time equivalents and the related salaries and expenses to carry out the ODT IT strategy and objectives by fiscal year are shown in Table 3.

Table 3: CFTC Full-Time Equivalents (FTEs)

                         FY 2011       FY 2012       FY 2013
ODT personnel            80*           83*           83*
Salaries and Expenses    12,259,889    14,602,091    15,017,021

Source: *Fiscal Years 2013, 2014 and 2015 President's Budget, unaudited data


SCOPE AND METHODOLOGY

Our audit was limited to evaluating CFTC management's use of its IT resources in relation to its draft IT acquisition plan and spend plans for FYs 2011 through 2013. We reviewed CEA and DFA provisions, as well as CFTC's draft IT acquisition plan, IT spend plans, and IT policies and procedures, including the Project Management Life Cycle and related narratives and flowcharts. In addition, we selected a sample of contracts from FYs 2011 through 2013 to evaluate evidence of CFTC management's monitoring of the agency's performance during the target period in support of specific IT objectives. We interviewed key officials within ODT about planning and executing the IT investment strategy in relation to legislation such as CEA, DFA, and CFTC's strategic plan and other CFTC guidance.

We conducted this performance audit in accordance with Government Auditing Standards, issued by the Comptroller General of the United States. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our conclusion based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our conclusion.

This report is intended solely for the information and use of CFTC's management and OIG, and is not intended to be, and should not be, used by anyone other than these specified parties.

Calverton, Maryland
September 8, 2014


MANAGEMENT'S RESPONSE

U.S. COMMODITY FUTURES TRADING COMMISSION
Office of Data & Technology

MEMORANDUM

ELECTRONIC MAIL

TO:       A. Roy Lavik, Inspector General
FROM:     John L. Rogers, Chief Information Officer
DATE:     September 30, 2014
SUBJECT:  CFTC OIG Report on Management's Use of Information Technology Resources in Support of its Strategic Plan and Regulatory Responsibilities

The Office of Data and Technology concurs with the results of the report and will continue to prioritize the use of information technology (IT) resources in accordance with CFTC strategic and CFTC IT strategic plans.